When a nationwide recall hits the FDA's enforcement database, the instinct is to read it as a story about one company's bad luck. I think that's the wrong read. Recalls are almost always stories about quality system gaps that had been sitting there quietly, waiting for the right conditions to become visible. The April 2, 2026 recall initiated by Aligned Medical Solutions (Windstone Medical Packaging) — covering the AMS6908E and AMS6908F Angio Packs, each containing the Medline Namic Angiographic Rotating Adapter (RA) 10CC Syringe — is a useful case study in exactly this kind of gap.
This article isn't about that company. It's about what any medical device manufacturer or kit assembler can do to make sure they're not the next entry in the FDA's recall database.
Why Convenience Kits Create Unique Compliance Risk
Convenience kits occupy a genuinely tricky space in the device regulatory world. Under 21 CFR Part 820 (the Quality System Regulation, now substantially aligned with ISO 13485:2016 through the FDA's Quality Management System Regulation finalized in February 2024 and effective February 2, 2026), the kit assembler takes on full manufacturer responsibility for the finished device — even when individual components are sourced from other manufacturers.
That's the part companies tend to underestimate. If you're pulling a syringe from a third-party supplier, a catheter from another, and assembling them into a sterile kit under your own label, you own the quality story for that entire kit. The FDA does not share that responsibility with your suppliers. You do.
According to FDA recall data, combination products and convenience kits have represented a disproportionate share of Class II medical device recalls over the past five years, with component compatibility failures and sterility concerns among the most frequently cited root causes.
The lesson from the Aligned Medical Solutions recall is this: the controls that prevent these events are not exotic. They are the basic blocking and tackling of a mature quality management system. When they're missing or thin, the FDA recall database fills in for them.
What a Quality System Should Catch Before the FDA Does
Supplier Controls That Actually Work
The most common gap I see in kit assembler quality systems is supplier qualification that looks thorough on paper but doesn't actually generate useful information. Companies collect supplier questionnaires, check a few boxes, file the paperwork, and call it done. That's not supplier qualification — that's supplier documentation.
21 CFR 820.50 (now codified under the updated QMSR at 21 CFR Part 820, effective February 2, 2026) requires that manufacturers establish and maintain procedures to ensure that all purchased or otherwise received product and services conform to specified requirements. Under ISO 13485:2016 clause 7.4, this means evaluating and selecting suppliers based on their ability to meet requirements, defining the type and extent of controls, and re-evaluating suppliers at defined intervals.
In practice, that means:
- Component-level specifications that define what you're actually accepting, not just what the supplier says they're shipping
- Incoming inspection protocols with statistically defensible sample sizes, not just visual checks on one unit per lot
- Periodic re-qualification — not a one-time approval that sits in a file forever
- Change notification agreements that require suppliers to alert you before modifying materials, processes, or subcontractors
The rotating adapter in the Aligned Medical Solutions kits came from Medline. If the root cause involved any component characteristic — dimensional, functional, sterility-related, or otherwise — the question becomes whether the kit assembler had the controls in place to detect it before the product shipped. That's the supplier control question every kit manufacturer should be asking about their own programs right now.
Design Verification and Validation for Kit Assemblies
Here's something that surprises people: assembling existing components into a new kit configuration is a design activity. It requires design verification and validation under 21 CFR Part 820 subpart C (and ISO 13485:2016 clause 7.3).
When you combine a rotating adapter with other angiographic components in a single sterile pack, you're creating a new device configuration. That configuration needs to be verified against its design inputs and validated to confirm it performs as intended in real use conditions. This includes:
- Compatibility testing between all components sharing the same sterile field
- Packaging validation per ASTM F2097 and ASTM F1980 (accelerated aging) to confirm that the full kit — not just individual components — maintains sterile barrier integrity over its labeled shelf life
- Functional testing of component interactions, especially where one device interfaces mechanically with another (as a rotating adapter does)
The FDA's expectation, reinforced by ISO 11607-1:2019, is that sterile barrier validation is performed on the finished configuration as packaged and labeled for sale. Sourcing a component that has its own validation data is not a substitute for validating the kit configuration you're actually selling.
If your design history file for a kit contains only the component manufacturers' IFUs and spec sheets, it's almost certainly incomplete.
Process Controls That Close the Gap
In-Process and Final Inspection
A reliable inspection program for kit assembly has three characteristics that I've found are frequently missing in companies that end up with recall events.
First, it's risk-stratified. Not every attribute on every component gets the same inspection intensity. Attributes that affect sterility, functionality in critical use scenarios (angiographic procedures carry real patient risk), and labeling accuracy get higher sample sizes and more rigorous acceptance criteria. Attributes with lower failure-mode consequence get lighter treatment. ISO 2859-1 and ANSI/ASQ Z1.4 provide the statistical framework for this — and the FDA expects to see that framework applied, not just referenced.
Second, it's documented in a way that's retrievable. Device History Records (DHRs) under 21 CFR 820.184 need to be complete enough that if a problem surfaces post-market, you can reconstruct exactly what happened during manufacturing for any given lot. Incomplete DHRs don't just create audit findings — they make root cause investigation nearly impossible when you actually need it.
Third, it's connected to a real CAPA process. Inspection data that accumulates in a binder without triggering corrective action when trends emerge is not a quality control program. It's a paper trail. The difference between those two things often shows up only when the FDA starts asking questions.
Sterility Assurance Controls
For any sterile kit — and angiographic procedure kits are routinely sterile — the sterility assurance program is non-negotiable. This means:
- Validated sterilization processes with established bioburden testing (ISO 11137-1:2006)
- Packaging integrity testing at initial validation and at defined intervals
- Environmental monitoring for any aseptic assembly steps
- Defined bioburden limits that feed into the sterilization validation
The FDA's 2023 guidance on process validation for combination products reinforced that sterilization validation must address the entire kit configuration, including all components and packaging materials as assembled. A syringe that was validated for sterilization in its own packaging may behave differently when packaged with other components in a larger kit format.
The Post-Market Surveillance Gap
One of the things that distinguishes quality systems that catch problems early from those that catch them via FDA enforcement is the strength of post-market surveillance. Under 21 CFR Part 803 (Medical Device Reporting) and the updated QMSR, manufacturers are required to monitor post-market performance and use that data to drive continuous improvement.
In my experience, the weakest link in most small-to-mid-size medical device manufacturers' quality systems is the connection between complaint handling and the rest of the QMS. Complaints come in, get investigated, get closed — and the data never gets aggregated in a way that surfaces trends before they become reportable events.
A complaint handling program that prevents recalls looks like this:
- Complaints are triaged within 24–48 hours for MDR reportability assessment
- Complaint data is aggregated monthly and reviewed for trends by product line
- Trend analysis is formally linked to CAPA triggers — if complaint rate for a specific lot or product exceeds a defined threshold, an investigation opens automatically
- Post-market surveillance reports are generated at defined intervals and reviewed by quality leadership, not just filed
The FDA's expectation under 21 CFR 820.198 is that complaint files be maintained in a manner that allows for trend analysis. Companies that treat complaint handling as a one-complaint-at-a-time activity, rather than a surveillance system, consistently have worse recall outcomes.
What the New QMSR Changes (and What It Doesn't)
The FDA's Quality Management System Regulation (QMSR) — 21 CFR Part 820, as amended — became effective February 2, 2026. It aligns U.S. device quality requirements substantially with ISO 13485:2016, which is the practical effect of the FDA's intent to harmonize with international standards.
Here's what this means for kit manufacturers specifically:
| Requirement Area | Previous QSR (Pre-Feb 2026) | New QMSR (Post-Feb 2, 2026) |
|---|---|---|
| Design Controls | 21 CFR 820.30 | Aligns with ISO 13485:2016 clause 7.3 |
| Supplier Controls | 21 CFR 820.50 | Aligns with ISO 13485:2016 clause 7.4 |
| Process Validation | 21 CFR 820.75 | Aligns with ISO 13485:2016 clause 7.5.6 |
| CAPA | 21 CFR 820.100 | Aligns with ISO 13485:2016 clause 8.5 |
| Complaint Handling | 21 CFR 820.198 | Aligns with ISO 13485:2016 clause 8.2.2 |
| Risk Management | Limited reference | Now explicitly requires ISO 14971:2019 integration |
| Post-Market Surveillance | Referenced in MDR regs | More explicitly integrated into QMS outputs |
The biggest practical change for kit assemblers is the explicit integration of ISO 14971:2019 risk management throughout the product lifecycle. Risk management is no longer a design-phase activity that you do once and file — it's a living process that feeds design, supplier controls, process validation, and post-market surveillance. If your quality system treats risk management as a one-time document exercise, you're already behind the current FDA expectation.
The transition deadline has passed. If you haven't updated your quality system to align with the QMSR, that's an urgent gap — not a someday project.
A Practical Prevention Checklist for Kit Assemblers
If I were walking through a kit assembly operation today, here's what I'd want to see before I'd feel confident the quality system could prevent the kind of recall event we saw in April 2026:
Supplier qualification: - Written supplier qualification criteria with documented evaluation records - Component specifications that go beyond the supplier's own labeling - Incoming inspection procedures with statistically valid sampling plans - Active change notification agreements in place with critical suppliers
Design and validation: - Design history file for each kit configuration that documents design inputs, verification testing, and validation data - Packaging validation per ISO 11607-1 and ASTM F2097 for the finished kit configuration - Functional and compatibility testing records for component interactions
Manufacturing controls: - Validated sterilization process with bioburden data specific to the kit configuration - Device History Records that are complete, lot-traceable, and retrievable - In-process inspection at defined checkpoints with acceptance criteria tied to risk
Post-market: - Complaint handling SOP with documented MDR triage, trend analysis, and CAPA linkage - Post-market surveillance reports generated at defined intervals - Annual product review that ties surveillance data back to design and process inputs
None of these are new requirements. They were all present in the QSR before the QMSR update. What changes with enforcement is the FDA's expectation of how well-integrated and risk-based these activities are — and how visible that integration is in the documentation.
The Broader Point
Recalls happen to real companies with real quality teams who were doing their best. I'm not here to second-guess anyone's intentions. But the pattern across FDA recall events is consistent enough that it's worth naming plainly: the controls that prevent recalls are known, codified, and available to any manufacturer willing to invest in implementing them properly.
The question isn't whether the requirements exist. They do. The question is whether your quality system has implemented them in a way that would actually catch a problem before it reaches a patient — or before it shows up in the FDA's enforcement database.
If you're a kit assembler and you're not sure the answer to that question is yes, that's the place to start.
For support with medical device quality system gap assessments, ISO 13485 certification, or FDA QMSR compliance, visit Certify Consulting or explore our medical device compliance services.
Source: FDA Recall Notice — Windstone Medical Packaging dba Aligned Medical Solutions, April 2, 2026.
Last updated: 2026-05-09
Jared Clark
Principal Consultant, Certify Consulting
Jared Clark is the founder of Certify Consulting, helping organizations achieve and maintain compliance with international standards and regulatory requirements.